Cloud security

  1. Cloud Computing Security (조인순)
  2. Topics
     1. What is Cloud Computing?
     2. The Same Old Security Problems
     3. Virtualization Security
     4. New Security Issues and Threat Model
     5. Data Security
  3. What is Cloud Computing?
     “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” (NIST definition of Cloud Computing)
  4. Cloud Service Architectures as Layers
  5. Cloud Service Models Abstraction Layers
  6. Multi-Tenancy
  7. Cloud Deployment Architectures
  8. Same Old Security Issues
     1. Data Loss
     2. Downtimes
     3. Phishing
     4. Password Cracking
     5. Botnets and Other Malware
  9. Data Loss
     “Regrettably, based on Microsoft/Danger's latest recovery assessment of their systems, we must now inform you that personal information stored on your device—such as contacts, calendar entries, to-do lists or photos—that is no longer on your Sidekick almost certainly has been lost as a result of a server failure at Microsoft/Danger.”
  10. Downtimes
  11. Phishing
      “hey! check out this funny blog about you”
  12. Password Cracking
  13. Botnets and Malware
  14. Virtualization Security
      1. Features
         1. Isolation
         2. Snapshots
      2. Issues
         1. State Restore
         2. Hypervisor Security
         3. Inner-VM Attacks
         4. Scaling
  15. Isolation
      • More than running 2 apps on the same server
      • Less than running on 2 physical servers
  16. Snapshots
      • VMs can record state
      • In the event of a security incident, revert the VM back to an uncompromised state
      • Must be sure to patch the VM to avoid recurrence of the compromise
  17. State Restore
      • VMs can be restored to an infected or vulnerable state using snapshots.
      • Patching becomes undone.
      • Worms persist at a low level forever due to the reappearance of infected and vulnerable VMs.
  18. Hypervisor Security
      • Vulnerability consequences
        ▫ Guest code execution with privilege
        ▫ VM Escape (Host code execution)

      Vendor       CVEs
      KVM            32
      QEMU           23
      VirtualBox      9
      VMware        126
      Xen            86
  19. Inner-VM Attacks
      • Attack via shared clipboard
      • Use shared folder to alter another VM’s disk image
  20. Scaling
      • Growth in physical machines is limited by budget and setup time
      • Adding a VM is as easy as copying a file, leading to explosive growth in VMs
      • Rapid scaling can exceed the capacity of the organization’s security systems
  21. New Security Issues
      1. No Security Perimeter
      2. Larger Attack Surface
      3. New Side Channels
      4. Lack of Auditability
      5. Data Security
  22. No Security Perimeter
      • Little control over the physical or network location of cloud instance VMs
      • Network access must be controlled on a host-by-host basis
  23. Larger Attack Surface (diagram: Cloud Provider / Your Network)
  24. New Side Channels
      • You don’t know whose VMs are sharing the physical machine with you.
        ▫ Attackers can place their VMs on your machine.
        ▫ See the “Hey, You, Get Off of My Cloud” paper for how.
      • Shared physical resources include
        ▫ CPU data cache: Bernstein 2005
        ▫ CPU branch prediction: Onur Aciiçmez 2007
        ▫ CPU instruction cache: Onur Aciiçmez 2007
      • In a single-OS environment, people can extract cryptographic keys with these attacks.
  25. Lack of Auditability
      • Only the cloud provider has access to full network traffic, hypervisor logs, and physical machine data.
      • Need mutual auditability
        ▫ Ability of the cloud provider to audit potentially malicious or infected client VMs.
        ▫ Ability of the cloud customer to audit the cloud provider environment.
  26. Data Security

                       Storage               Processing              Transmission
      Confidentiality  Symmetric Encryption  Homomorphic Encryption  SSL
      Integrity        MAC                   Homomorphic Encryption  SSL
      Availability     Redundancy            Redundancy              Redundancy